Get hacked, don’t tell: drone base didn’t report virus

Officials at Creech Air Force Base in Nevada knew for two weeks about a virus infecting the drone “cockpits” there. But they kept the information about the infection to themselves—keeping the unit that’s supposed to serve as the Air Force’s cybersecurity specialists in the dark. The network defenders at the 24th Air Force learned of the virus by reading about it in Danger Room.

“It was not highlighted to us,” says a source involved with Air Force network operations. “When your article came out, it was like, ‘What is this?’”

The drones are still flying over warzones from Afghanistan to Pakistan to Yemen. There’s no sign, yet, that the virus either damaged any of the systems associated with the remotely-piloted aircraft or transmitted sensitive information outside the military chain of command—although three military insiders caution that a full-blown, high-level investigation into the virus is only now getting underway.

Nevertheless, the virus has sparked a bit of a firestorm in military circles. Not only were officials in charge kept out of the loop about an infection in America’s weapon and surveillance system of choice, but the surprise surrounding that infection highlights a flaw in the way the US military secures its information infrastructure: There’s no one in the Defense Department with his hand on the network switch. In fact, there is no one switch to speak of.

The four branches of the US armed forces each has a dedicated unit that, in theory, is supposed to handle cyber defense for the entire service. The 24th Air Force, for example, “is the operational warfighting organization that establishes, operates, maintains and defends Air Force networks,” according to a military fact sheet. These units are then supposed to provide personnel and information to US Cyber Command, which is supposed to oversee the military’s overall network defense.

In practice, it’s not that simple. Unlike most big private enterprises, the 24th doesn’t have a centralized system for managing and monitoring its networks. There’s no place at the 24th’s San Antonio headquarters where someone could see all the digital traffic hurtling through the service’s pipes. In fact, most of the major commands within the Air Force don’t have formal agreements to carry each other’s network traffic. (The 24th Air Force did not immediately respond to requests to comment for this article.)

“We’d never managed the entire Air Force network as a single enterprise,” Vince Ross, the program manager of the Air Force Electronic Systems Center’s Cyber Integration Division, said in March. “That meant there was no centralized management of the network, that systems and hardware weren’t standardized, and that top-level commanders didn’t have complete situational awareness.”

The plan is to one day integrate all that infrastructure into a single Air Force network. But for now, it’s largely cybersecurity by the honor system. Each base and each unit in the Air Force has its own geek squad. They only call for help if there’s a broader network problem, or if they’re truly stumped.

That didn’t happen when a so-called “keylogger” virus hit Creech more than two weeks ago.

“Nothing was ever reported anywhere. They just didn’t think it was important enough,” says a second source involved with operating the Air Force’s networks. “The incentive to share weaknesses is just not there.”

Not even when that weakness hits the robotic weapons that have become the lynchpin for American military operations around the planet.

"The plan is to one day integrate all that infrastructure into a single Air Force network."

Let's call this network Skynet..

You do realize that is exactly what they are going to name it, right?

In an organization consisting of sci-fi, blockbuster-consuming alpha males, I wouldn't be surprised. Air Force operational planners and fighter jocks like to call themselves "Jedi Knights", F-16s are called "Vipers", etc.

If having a keylogger that doesn't call home constitutes "being hacked"... The Iranians got nuclear hacked?

I just separated from the USAF, and I can tell you, the comm guys are just overwhelmed. They have a handful of people handling an entire base. That entire base is a separate entity from other bases within the same numbered AF, and then they are an entirely different thing from another numbered AF in the same MAJCOM. Not to mention you've got multiple MAJCOMs dependent upon where you're located.

It's a real bear, but when you try to compare it to a corporation, it just has no real equal. I don't know of many companies that have to have the same network security in Greenland that they have in Japan.

Realistically speaking, I'm not sure how much of a security risk it is when a keylogger can't call home....which would be the case on military SIPRnet systems behind our encryption systems that isolate the network from the rest of the world.

<quote>If having a keylogger that doesn't call home constitutes "being hacked"... The Iranians got nuclear hacked?</quote>

<quote>I just separated from the USAF, and I can tell you, the comm guys are just overwhelmed. They have a handful of people handling an entire base. That entire base is a separate entity from other bases within the same numbered AF, and then they are an entirely different thing from another numbered AF in the same MAJCOM. Not to mention you've got multiple MAJCOMs dependent upon where you're located.</quote>

<quote>It's a real bear, but when you try to compare it to a corporation, it just has no real equal. I don't know of many companies that have to have the same network security in Greenland that they have in Japan.</quote>

If a keylogger got in, what else got in? Maybe the Iranians updated the GPS target calculations slightly to push things 5 meters off course. Do you know what kind of damage that would do?

The useless keylogger could be a red-herring designed to lure people into a false sense of "it's harmless, not much to worry about". Granted, this one probably isn't, but I wouldn't want to bet on it. And the results are clear -- throw in a red herring like this and it may buy your virus an additional month of play time even after being discovered.

<quote>“Nothing was ever reported anywhere. They just didn’t think it was important enough.”</quote>

<quote>“It’s getting a lot of attention,” the source says. “But no one’s panicking. Yet.”</quote>

These are two of the most chilling things I've heard in a long time. If you have a keylogger on your system that you can't get rid of, you should assume you are p0wnezd, game over. Sirens should go off and red lights should flash. Yeah, it looks bad to get keylogged, but hushing it up for weeks is waaaaaaay worse (incompetent AND stupid). This is national security, people: call the NSA if you have to.

If we found keyloggers in my company's secure systems, you can bet we wouldn't leave the building until we had removed them and triple-checked the entire network.

If this is indicative of the state of our military's security, we are fsck'd.

<quote>If this is indicative of the state of our military's security, we are fsck'd.</quote>

Yep. As the good ol' boys are realizing that they have no control, I wonder how long until everything we do has to be tracked and approved through an official government system. Y'know, for our own safety.

We attack countries without declaring war or anything else. The government just goes ahead and bombs the crap out of anyone they disagree with. The United States hasn't declared a formal state of war since WWII.

Hmm, what would I do with the keystrokes of Predator pilots... Study them perhaps? Make my own system using them? Find a way to disrupt or send a kill code to them? Ya, of course this shouldn't be reported. It's prolly just nothing. Right?

Edit: Also, when I see "Cyber Command" I envision Optimus Prime barking orders at the autobots.

<quote>"The plan is to one day integrate all that infrastructure into a single Air Force network."</quote>

<quote>Let's call this network Skynet..</quote>

<quote>You do realize that is exactly what they are going to name it, right?</quote>

<quote>In an organization consisting of sci-fi, blockbuster-consuming alpha males, I wouldn't be surprised. Air Force operational planners and fighter jocks like to call themselves "Jedi Knights", F-16s are called "Vipers", etc.</quote>

Yeah, we all fly jets. You realize that the AF is 90% air and 10% force, right? Most people are support...

Anyway, as a network tech with experience with bases from a variety of locations, I don't find it surprising at all. In fact, you have no idea how gigantic and silly this shit gets. The DoD has a monolithic network. As you might guess, it's a bit of a mess and impossible to manage.

This sort of thing happens because predator units are currently the babies of the Air Force. They get whatever they want and they think that the rules don't apply to them. I can't wait until it all comes back to bite those entitled pricks in their fresh little asses.